It occurs to me that perhaps we don’t always do due diligence when it comes to establishing a credible business case for IAM intiatives, and this only comes back to bite us later. One of the easiest metrics is the number of AD Admin password resets to justify a MIM 2016 SSPR (self service password rese) investment, and if we take the recommendation of this blog post, then this is as simple as applying a Windows Event Log filter on each of your AD DCs.

I’ve set this up on one of my DCs and exported it here for you to try yourself – just save to an XML file and import it from an MMC snapin (Event Viewer console):

Of course if you have plenty of DCs you won’t want to be doing this on a constant basis – so you will want to run this on a schedule say via PowerShell and collate the data in some way – perhaps PowerBI?

Anyhow, if you take the time to look at the facts that come out of a simple query like the above, then you can provide some factual evidence to substantiate your MIM SSPR investment.